VRRP introduction...

Source: Internet
Author: User
With the rapid development of the Internet, network-based applications keep increasing, which places ever higher requirements on network reliability. Upgrading all network devices is of course one way to improve reliability. However, to protect existing investment, we can instead adopt the idea of cheap redundancy and find a balance between reliability and cost.

The Virtual Router Redundancy Protocol (VRRP) is a good solution. Under this protocol, the default gateway of the IP end hosts on shared multi-access media (such as Ethernet) is backed up redundantly, so that when one of the routing devices goes down, a backup routing device takes over forwarding in a timely manner and the switchover is transparent to users, improving the quality of network service.

I. Protocol Overview

In a TCP/IP-based network, a route must be specified to ensure communication between devices that are not directly physically connected. Currently, there are two commonly used routing methods: one is dynamic learning through a routing protocol (such as the interior routing protocols RIP and OSPF), and the other is static configuration. It is unrealistic to run dynamic routing protocols on every end host. Most client operating systems do not support dynamic routing protocols, and even where they do, the support is limited by problems such as management overhead, convergence, and security. Therefore, static routing is generally configured on IP end hosts, usually by specifying one or more default gateways. Static routing simplifies network management and reduces the communication overhead of end hosts. However, it still has a disadvantage: if the router used as the default gateway fails, all communication from hosts that use this gateway as the next hop is interrupted. Even if multiple default gateways are configured, a host cannot switch to the new gateway without being restarted. The Virtual Router Redundancy Protocol (VRRP) avoids this defect of statically configured gateways.

There are two important pairs of concepts in VRRP: VRRP router and virtual router, and master router and backup router. A VRRP router is a router running VRRP; it is a physical entity. A virtual router is a logical concept created by the VRRP protocol. A group of VRRP routers work together to form one virtual router. The virtual router acts as a logical router with a unique fixed IP address and MAC address. VRRP routers in the same VRRP group have two mutually exclusive roles: master router and backup router. A VRRP group has only one router in the master role and can have one or more routers in the backup role. VRRP uses an election policy to select one router from the group as the master, which is responsible for answering ARP and forwarding IP packets. The other routers in the group stand by in the backup role. When the master router fails for some reason, a backup router can be promoted to master after a delay of several seconds. Because the switchover is fast and there is no need to change the IP address and MAC address, it is transparent to the end-user system.

II. Working Principle

A virtual router has a unique identifier, the VRID, ranging from 0 to 255. The virtual router presents a unique virtual MAC address in the format 00-00-5E-00-01-[VRID]. The master router is responsible for responding to ARP requests using this MAC address. In this way, no matter how the roles switch, end hosts always see the same IP address and MAC address, which reduces the impact of a switchover on them.

There is only one kind of VRRP control packet: the VRRP advertisement. It is encapsulated in IP multicast packets. The group address is 224.0.0.18 and its scope is limited to the same LAN. This ensures that a VRID can be reused in different networks. To reduce network bandwidth consumption, only the master router periodically sends VRRP advertisements. If a backup router fails to receive a VRRP advertisement within three consecutive advertisement intervals, or receives an advertisement with priority 0, it starts a new round of VRRP election.

In a VRRP router group, the master router is selected by priority. The priority range of VRRP is 0-255. If the IP address of a VRRP router's interface is the same as the IP address of the virtual router, that router is the IP address owner in the VRRP group. The IP address owner automatically has the highest priority: 255. Priority 0 is generally used when the IP address owner voluntarily gives up the master role. The configurable priority ranges from 1 to 254. Priorities can be assigned based on link speed and cost, router performance and reliability, and other management policies. In the election of the master router, the router with the highest priority wins. Therefore, if there is an IP address owner in the VRRP group, it always takes the role of master router. Candidate routers with the same priority are selected in the order of their IP addresses. VRRP also provides a priority preemption policy. If this policy is configured, a higher-priority backup router preempts the current lower-priority master router and becomes the new master router.

To ensure the security of VRRP, two authentication measures are provided: plaintext authentication and IP header authentication. Plaintext authentication requires that the same VRID and plaintext password be provided when a router joins a VRRP router group. It is suitable for avoiding configuration errors in the LAN, but cannot prevent the password from being obtained through network listening. The IP header authentication method provides higher security and can prevent attacks such as packet replay and modification.
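The election rules described above can be exercised with a small model. This is an added example, not code from the original page; the router names, addresses and priorities are constructed, and two details are assumptions taken from RFC 3768 rather than from the page: on equal priority the numerically higher address wins, and a backup waits three advertisement intervals plus a priority-dependent skew time.

```python
import ipaddress
from dataclasses import dataclass

OWNER_PRIORITY = 255  # reserved for the IP address owner


@dataclass
class Router:
    name: str
    ip: str            # primary interface address (constructed sample value)
    priority: int      # 1-254 configurable, 255 for the address owner
    preempt: bool = True
    alive: bool = True


def rank(r):
    """Election key: priority first, then the numerically higher IP address."""
    return (r.priority, int(ipaddress.ip_address(r.ip)))


def master_down_interval(priority, adver_int=1.0):
    """Seconds a backup waits for advertisements before claiming master."""
    skew = (256 - priority) / 256          # higher priority times out sooner
    return 3 * adver_int + skew


def elect(routers, current=None):
    """Return the master after one election round, or None if all are down."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    if current is None or not current.alive:
        return max(live, key=rank)         # no master: best live router wins
    # A live master is displaced only by a higher-ranked router that preempts;
    # the address owner always preempts.
    challengers = [r for r in live if rank(r) > rank(current)
                   and (r.preempt or r.priority == OWNER_PRIORITY)]
    return max(challengers, key=rank) if challengers else current


def demo():
    r1 = Router("R1", "10.0.0.1", OWNER_PRIORITY)
    r2 = Router("R2", "10.0.0.2", 100)
    r3 = Router("R3", "10.0.0.3", 100)
    group, history = [r1, r2, r3], []
    master = elect(group); history.append(master.name)          # owner wins
    r1.alive = False
    master = elect(group, master); history.append(master.name)  # tie: higher IP
    r1.alive = True
    master = elect(group, master); history.append(master.name)  # owner preempts
    return history
```

Calling `demo()` walks through owner election, failover between two equal-priority backups, and the owner taking the master role back on recovery.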
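The advertisement format and the authentication types discussed above can be checked on the receiving side. The following is an added example, not code from the original page: it parses a VRRPv2 advertisement using the field layout of RFC 2338, derives the virtual MAC from the VRID, and reports findings a defender would care about. The TTL 255 rule and the checksum rule come from the RFC rather than from the page, and the sample packet, its address and its password are constructed.

```python
import socket
import struct

VRRP_GROUP = "224.0.0.18"
AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP Authentication Header"}


def checksum(data):
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_advertisement(msg, dst_ip, ttl):
    """Return (fields, findings) for one VRRPv2 message taken from an IP packet."""
    if len(msg) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth, adver, _ = struct.unpack("!BBBBBBH", msg[:8])
    end = 8 + 4 * count                     # address list follows the header
    if len(msg) < end + 8:                  # then 8 bytes of authentication data
        raise ValueError("truncated address list or authentication data")
    fields = {
        "vrid": vrid, "priority": prio, "adver_int": adver,
        "virtual_mac": "00-00-5E-00-01-%02X" % vrid,
        "addresses": [socket.inet_ntoa(msg[i:i + 4]) for i in range(8, end, 4)],
        "auth": AUTH_TYPES.get(auth, "unknown"),
    }
    findings = []
    if (vt >> 4, vt & 0x0F) != (2, 1):
        findings.append("not a version 2 advertisement")
    if dst_ip != VRRP_GROUP:
        findings.append("destination is not 224.0.0.18")
    if ttl != 255:
        findings.append("TTL is not 255 (RFC 2338 receivers discard it)")
    if checksum(msg) != 0:                  # a valid message sums to zero
        findings.append("checksum mismatch")
    if auth == 1:
        findings.append("password is carried in cleartext")
    return fields, findings


def sample_advertisement():
    """Constructed sample: VRID 10, priority 100, one address, text password."""
    body = socket.inet_aton("192.0.2.1") + b"example\x00"
    head = struct.pack("!BBBBBBH", 0x21, 10, 100, 1, 1, 1, 0)
    return head[:6] + struct.pack("!H", checksum(head + body)) + body
```

The checksum only detects accidental corruption; it is not keyed, which is why the page points to IP header authentication for protection against replay and modification.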

III. Application Instances

The most typical VRRP application: RTA and RTB constitute a VRRP router group. If the processing capability of RTB is higher than that of RTA, RTB is configured as the IP address owner, and the default gateways for H1, H2, and H3 are set to RTB. RTB becomes the master router and is responsible for ICMP redirects, ARP responses, and forwarding IP packets. Once RTB fails, RTA immediately starts the switchover and becomes the master router, ensuring a transparent and safe switchover for users.

In this VRRP application, when RTA is online, RTB is used as a backup and does not participate in forwarding. Router RTA and link L1 are idle. With proper network design, you can achieve both backup and load balancing. Make RTA and RTB belong to two VRRP groups that back each other up: in group 1, RTA is the IP address owner, and in group 2, RTB is the IP address owner. Set the default gateway of H1 to RTA, and the default gateway of H2 and H3 to RTB. In this way, the device load and network traffic are shared, and network reliability is improved.

The working mechanism of the VRRP protocol has many similarities with Cisco's HSRP (Hot Standby Router Protocol). The main difference between the two is that in Cisco's HSRP, an IP address needs to be configured separately as the external address of the virtual router. This address cannot be the interface address of any member in the group.

With the VRRP protocol, you do not need to modify the current network structure, which protects current investment as far as possible. Only minimal management cost is required, yet network performance is greatly improved, which gives the protocol great application value.
